Book information
· Category : Foreign books > Computers > Security > General
· ISBN : 9780367551742
· Pages : 272
Table of contents
Contents
Introduction
Chapter 1: Introduction to the CISA examination
  · The structure of the CISA exam
  · Becoming Certified
  · Experience requirements
  · Passing the Exam
  · CISA Job Practice Domains and task and knowledge statements
  · ISACA's Code of Professional Ethics
  · The ISACA Standards
  · Continuous Professional Education
Chapter 2: Domain 1 - The Process of Auditing Information Systems
  · Knowledge Statements
  · Understanding the Fundamental Business Processes
  · Control principles related to controls in information systems
  · Risk-based audit planning and audit project management techniques
  · Quality of the internal control framework
  · Auditor understanding of the applicable laws
  · Evidence collection techniques
  · Domain One exam tips
  · Domain One - Practice questions
  · Domain One Review Questions and Hands-on Exercise
  · Domain One - Answers to practice questions
  · Exercise 1 sample answer
Chapter 3: Domain 2 - Governance and Management of IT
  · Governance in General
  · Resource Management
  · Project Management Tools
  · Auditor's Role in the Project Management Process
  · Audit Risk Assessment
  · Audit Planning
  · Domain Two - Practice questions
  · Domain Two Review Questions and Hands-on Exercise
  · Exercise 2 sample answer
  · Domain 2 Answers to practice questions
Chapter 4: Domain 3 - Information Systems Acquisition, Development and Implementation
  · Systems Acquisition
  · Systems Development
  · Systems Implementation
  · Systems Maintenance Review
  · Domain Three - Practice questions
  · Domain Three Review Questions and Hands-on Exercise
  · Exercise 3 sample answer
  · Domain 3 Answers to practice questions
Chapter 5: Domain 4 - Information Systems Operations, Maintenance and Service Management
  · Hardware
  · Auditing Operating Systems
  · People
  · System interfaces
  · Change Management
  · Auditing Change Control
  · Disaster Recovery Planning
  · Auditing Service Delivery
  · Domain Four - Practice questions
  · Domain Four Review Questions and Hands-on Exercise
  · Exercise 4 sample answer
  · Domain 4 Answers to practice questions
Chapter 6: Domain 5 - Protection of Information Assets
  · Protection of information assets
  · Privacy principles
  · Design, implementation, maintenance, monitoring and reporting of security controls
  · Physical access controls for the identification, authentication and restriction of users
  · Logical access controls for the identification, authentication and restriction of users
  · Risks and controls associated with virtualization of systems
  · Risks and controls associated with the use of mobile and wireless devices
  · Encryption-related techniques and their uses
  · Public key infrastructure (PKI) components and digital signature techniques
  · Peer-to-peer computing, instant messaging, and web-based technologies
  · Data classification standards related to the protection of information assets
  · Risks in end-user computing
  · Implementing a security awareness program
  · Information system attack methods and techniques
  · Prevention and detection tools and control techniques
  · Security testing techniques
  · Penetration testing and vulnerability scanning
  · Forensic investigation and procedures in collection and preservation of the data and evidence
  · Domain Five - Practice questions
  · Domain Five Review Questions and Hands-on Exercise
  · Exercise 5 sample answer
  · Domain 5 Answers to practice questions
Chapter 7: Preparing for the Exam
Appendices
  · Appendix A: Glossary of Terms
  · Appendix B: CISA Sample Exam (choose any 150 questions)
  · Appendix C: Sample Exam Answers